back to article Apple, Google mobe encryption good news... for TERRORISTS – EU top cop

People don’t know the difference between privacy and anonymity, says EU top cop Troels Oerting: they want the former, but the latter will make life too easy for criminals. The Europol Assistant Director and head of European Cybercrime Centre (EC3) was joining a chorus of lawmakers and law enforcers reacting to news that Apple …

  1. Crisp

    Irreversible encryption

    I can't imagine a more useless type of encryption.

    1. SolidSquid

      Re: Irreversible encryption

      It does kind of seem like the people popping up to criticise this don't actually know anything about the subject and are just mimicking others (badly) to get some face time on tv

    2. Anonymous Coward
      Anonymous Coward

      Re: Irreversible encryption

      I think that irreversable encryption should be used everwhere*.

      * How long would it take before NSA/GCHQ/etc stop trying to decode it?

      1. Michael Habel

        Re: Irreversible encryption

        * How long would it take before NSA/GCHQ/etc stop trying to decode it?

        >Implying that they can't do it anyway. Further >Implying that Apple, Google et-al, hasn't already given the Alphabet Soup crowd some form of a Master Password anyway. Again >Implying that they can't sell their Warez until they do...

    3. Anonymous Coward
      Anonymous Coward

      Re: Irreversible encryption

      DELETE button (and re-write 7 times :)

      1. Message From A Self-Destructing Turnip

        Re: Irreversible encryption

        Just tried that and this is the result.

        Just tried that and this is the result.

        Just tried that and this is the result.

        Just tried that and this is the result.

        Just tried that and this is the result.

        Just tried that and this is the result.

        Just tried that and this is the result.

      2. Vladimir Plouzhnikov

        Re: Irreversible encryption

        The poor and wretched bureaucrat probably meant "encryption with forward secrecy" instead of "irreversible"...

    4. JeffyPoooh
      Pint

      Code Space

      If the huge encryption key is protected behind a 4-digit PIN, would this concept still work if the concept was extended by one step so that the PIN was in turn conveniently protected behind a "Press Any Key To Display PIN" dialog?

    5. Tom 35

      Re: Irreversible encryption

      It's right up there with write only memory.

    6. Daniel B.
      Boffin

      Re: Irreversible encryption

      I can't imagine a more useless type of encryption.I can't imagine a more useless type of encryption.

      Interestingly, it is useful, but not in the context used by the speaker. Irreversible encryption is useful for password hashes, as it makes it easier to do quick hash encryption that can be only verified by encrypting the same hash and checking if the encrypted bytes match the ones you stored earlier.

      But yeah, the "irreversible encryption" they're talking about isn't irreversible at all.

    7. N13L5

      Lawmakers, cops, bankers, terrorists - all one and the same snake's nest.

      Given that governments are still just the largest, most powerful organized crime syndicates in any given area, its easy to see from where the wind blows here.

      Why don't you spooks and the f**kers behind you just declare martial law and model all our countries after Burma or Paraguay?

      Security is an illusion.no matter what you people get to spy on or not. But what can anybody do with negative selection for positions of power built into the system and psychotics running the show?

  2. Blank-Reg
    Childcatcher

    Won't somebody think of the lawmakers? All the time and effort setting up huge dragnets and data collection systems will be wasted when they need to gather evidence, get a warrant and actually arrest an individual every time they want to access a device to see if they're a baddy. For shame!

    1. Trigonoceps occipitalis

      There is an inconsistency in what is said. We need lots and lots of meta-data but not the content of comms, but please don't make our life difficult by using encryption.

      Think of the children - some just need to think full stop

    2. g e

      Not to mention the small fact that

      Criminals and terrorists will actually already be using encryption.

      DUH.

    3. P. Lee
      Holmes

      re:Won't somebody think of the lawmakers?

      Don't forget the law enforcers too!

      How terrible that their anonymous internet(-tap) usage won't work with encryption and they'll actually have to ask for data and be accountable.

      Still, nothing to hide, nothing to fear, eh?

    4. big_D Silver badge

      If the law enforcers did their job and ensured that mobile device theft was reduced by 100% and they stuck to only looking at phones with a valid search warrant, then there would be no need for encryption on mobile devices.

      Until they can effectively combat crime and until agencies work within the law, they only have themselves to blame.

  3. Brent Longborough
    FAIL

    It ought to be banned!

    Just to give Troels Oerting a helping hand, here are a few more things that terrorists and paedophiles might occasionally use, and should, therefore, be banned:

    * Cars and petrol

    * Refrigerators

    * Police uniforms

    and, last but not least,

    * Common sense

    1. The Mole

      Re: It ought to be banned!

      You missed a few things:

      * Writing in abbreviations or code on pieces of paper

      * Hiding things and not telling the police where they are

      * Making plans as a group face to face in locations where there is no-one to listen

      * Making plans in your head and not telling the police

      1. kmac499

        Re: It ought to be banned!

        I'm equally incensed by governments providing criminals with untraceable, anonymised pieces of paper allowing inter-criminal transactions to proceed.

        Worked it out yet..

        Yup Cash

        1. Gannon (J.) Dick

          Re: It ought to be banned!

          That is because the Government doesn't need Cash, kmac.

          If nerds ruled the Universe they would ban sex and personal hygiene. Be thankful.

  4. melts

    hits the nail on the head, did he not realise

    Troels Oerting actually identified the problem this move is for so clearly - "In any democratic society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism"

    the part about about being authorised by a judge, and being based on a clear suspicion. These veils of 'national security' have abolished that, this is the reaction.

    as long as laws exist that allow for sweeping - unmonitored or monitored in secret - spying on people, these technologies should exist, and be widely used.

    terrorism is so overblown its fucking pathetic it gets air time let alone the ability to mold policy. call it what it is, cowards attacking your way of life and stand tall, rather than huddling in fear like they want you to. don't see why its so hard to do.

  5. Red Bren

    Knowing the difference

    "People don’t know the difference between privacy and anonymity, says EU top cop"

    Perhaps we wouldn't be in this situation if law enforcement agencies had learned the difference between

    legal and ethical behaviour

    proportionate and disproportionate reactions

    targetted and blanket surveillance

    scrutiny and accountability

    innocence and guilt

    right and wrong

    1. Anonymous Dutch Coward
      Black Helicopters

      Re: Knowing the difference

      Agreed. And ditto but even more so for politicians.

    2. Eguro
      Thumb Up

      Re: Knowing the difference

      I came to comment on a similar note.

      "We all want and need privacy, but this doesn't mean anonymity."

      I mean he's not necessarily wrong. I don't have to have anonymity, but I do want privacy.

      Unfortunately it has more or less been shown that the only way to obtain privacy is through anonymity.

      1. g e

        Re: Knowing the difference

        And encryption isn't even anonymity, either, it just means only the sender and recipient can access the content (with ease) - it doesn't follow that the metadata of Person A sent Person B an encrypted message was also obfuscated.

        SSH != TOR

        1. N13L5

          Re: Knowing the difference - "SSH != TOR"

          Don't you think the NSA owns and runs TOR by now?

          - if that wasn't already the case from the start...

  6. Roo
    Windows

    “Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens."

    Making the failure to hand over passwords/keys on request a criminal offence covers that one (lucky us in the UK).

    Surprised that he stopped at private comms & data, he will be asking us to leave the keys in the ignition of our unlocked cars on the grounds that it'll make policing car crime a bit easier next.

    1. Anonymous Blowhard

      "Making the failure to hand over passwords/keys on request a criminal offence covers that one (lucky us in the UK)."

      And once Theresa May has abolished that pesky Human Rights Act, they'll be able to torture the keys out of you!

      1. Anonymous Coward
        Anonymous Coward

        I really can't believe they will get rid of the human rights act... we were an original signatory to it IIRC, we have a history of pushing for human rights in this country...

        Suggesting they will remove human rights is clearly a way to loose the next election, they must see that?

        Imagine how hard people will campaign to make people realise the conservatives are turning us into a authoritarian state!

        I for one am so glad scotland remained in the Union, without their labour votes, we might have been in for another Tory government at the next election...

        I am usually a Tory voter, but their record on human rights over the last government is appalling!

        1. Bernard M. Orwell

          "Suggesting they will remove human rights is clearly a way to loose the next election, they must see that?"

          Alas, no. The government (of any flabour or stripe) has been weaving a narrative, supported by certain elements of the press, that Human Rights only serves to protect criminals who would otherwise have been convicted. It's on this platform that the right (ConKip) has been steadily building public concensus towards getting out of the EU.

          Once we leave the EU (which is looking fairly inevitable at the moment) we will lose not just the HR protections we have, but *all* oversight that prevents our government from enacting just about any measure they want.

          For some examples of things the EU, ECHR and ECJ have protected us from look back over the last four or five Home Secretaries careers and look at the various plans that have been scuppered by Europe saying "Non!" and "Nein!" at our leaders; Identity Cards, Stop & Search, Centralised DNA database, Camera surveillance in homes (Yes, they did try that one) and many others.

          Unfortunately, the stupid part of our nations population has come to believe that to get rid of the TerrorPedos, Brown People Next Door and Spongers(tm), we have to give up this oversight...but it's all ok, because Cameron will write a nice, new British Charter that will protect all the "Proper Brits", won't he?

          Please, when the referendum comes up, consider this before voting away our last line of defence.

          1. genghis_uk

            Human Rights - the media war

            I see the UK press is pushing the government agenda today

            Daily Express: (I don't read it but saw this on the news stand!)

            Human rights madness to end: Europe's judges to be stopped from meddling in our affairs

            Human Rights is getting in the way of the draconian legislation UKGov wants to pass but being sold as those pesky Europeans meddling…

            The problem is I don't see Labour doing anything different. They wanted to scrap the Human Rights Act in the early 2000's when incarceration without trial was being used on terrorist suspects. We really need a "None of the Above" entry on the next election ballot papers! They are all as bad as each other and seem to be competing to see who can get the police state installed first

        2. Infernoz Bronze badge

          Human Rights are a mirage

          In theory Human Rights should protect us, but they are seen as the maximum official rights (privileges) people have, which are often broken unofficially.

          What we really need is respected for common law, ethics, morals, and unlimited, cultural, plain common decency, not hypocritical, 'do gooder', creeping socialist, statist rights.

      2. peter_dtm
        Mushroom

        that depends if they re-instate Common Law & Habeas Corpus that they had to (illegally) abrogate before they could REDUCE our rights with the un-needed by Common Law jurisprudence EHRC & the enabling act.

        When originally mooted the EHRC was not deemed to be as strong as UK Common Law rights & therefore it was not only unnecessary to 'enable' the EHRC but would in fact (and did) remove our Common Law rights leaving us all less protected (30 day detention ring any bells ? Illegal under Habeas Corpus).

        You did know that Habeas Corpus is no longer part of the law didn't you ? Because Habeas Corpus & assorted other Common Law rights PREVENTED the EHRC from working.

        So get the right end of the stick - get rid of the pathetic HRA and restore Common Law rights; so for instance just one example of REDUCED rights :

        - No extradition unless

        -- it is a crime in the UK

        -- there is prima facia evidence that there is a case to answer under UK law

        -- No foreign governments/courts would have primacy over the Law Committee of the House of Lords ( now replaced by the very inferior Supreme Court - a court that is NOT supreme because it can be overruled by FOREIGN courts who run a complete different jurisprudence that is NOT compatible with Common Law)

        Shove the Human Rights Act; Common Law countries don't need an inferior copy of what we have (because that is what the EHRC is; an inferior copy; weakened because Code Napoleon can not tolerate the State NOT being supreme)

        1. Avalanche

          The ECHR describes a minimum set of rights assigned to all. Countries can have (and do have) laws that assign more rights to their citizens. Your claim that ECHR would cancel out broader and more inclusive rights is bullshit. More likely UK politicians used it as an excuse to remove rights.

  7. Anonymous Coward
    Anonymous Coward

    The lady doth protest too much methinks.

    Or in this case the gentleman from Europol. Ever since Apple & Google announced they were going to do this, Law Enforcement Agencys from the 'FIVE EYES' have been bemoaning how this technology is going to hamper them and put lives at risk...its as though they're reading lines of a pre-prepared script.

    It wasn't all that long ago when these agencys led us to believe that you couldn't be identified on the web...we were fooled once.

    1. SolidSquid

      Re: The lady doth protest too much methinks.

      Wait, when did they ever claim that? There's *always* been a chance of being identified online, even if you take precautions like tor or VPNs. There's never been a time when there was no way for a machine to be identified, just ways to make it difficult enough that people give up looking

      1. Cipher

        Re: The lady doth protest too much methinks.

        SolidSquid:

        Even if I spoof my MAC address, walk into a cybercafe or local wifi hotspot and fire up my Tails CD?

        1. Trevor_Pott Gold badge

          Re: The lady doth protest too much methinks.

          Sure, because all I need to find you is this:

          1) Logs of signal strengths of various wifi nodes in the region which can be crunched to give me an approximate location for you.

          2) You to slip you and get your face on video

          Combine with things like "paying by debit car/visa/using bonk-to-pay transit" or other things and I can narrow down "who you are" pretty easily, if I've a mind to.

          If I have the cooperation of other international policing agencies to allow me to gather metadata enough to even narrow your initial access point then I, personally, can pwn you with just the resources of my local police force. And I'm not a cyber security expert.

          Do not fool yourself: being fully anonymous on the internet is a damn difficult - and increasingly expensive - job. It involves laundering money, using mules to buy burners and disposable credit cards and various other things to accomplish. The last time I ran the numbers, a single session of true internet anonymity would cost you 4 days or prep time, two mules and $7500.

  8. Vladimir Plouzhnikov

    I would add

    "Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens."

    I would add that it's about time to do away with that outrageous interference with the police and anti-terrorist forces work and finally ban the door locks and window curtains for good! Enough is enough!

    For how long should the law abiding citizens suffer the necessity to repair their doors and reinstall those locks after an innocuous dawn raid? For how long should the valiant detectives risk their lives and dignity trying to peek through the curtained windows?

    And while we are at that - why should the hard-working staff at the Crown Prosecution Service have to explain themselves about the way they collected their evidence, almost as if it is them who are being tried in the court of law?

    And why should the criminals in-all-but-name, sitting in the dock and answering the grave and just charges in front of an honourable judge be allowed to put sand in the wheels of justice by, wait for it - defending themselves?? How dare they???

  9. ratfox

    This applies to the offline world and should also apply to the online world.

    Die Gedanken sind frei, wer kann sie erraten,

    sie fliegen vorbei wie nächtliche Schatten.

    Kein Mensch kann sie wissen, kein Jäger erschießen

    mit Pulver und Blei: Die Gedanken sind frei!

  10. Frankee Llonnygog

    It would save time if ...

    ... we just made privacy illegal.

    After all, since the revelation that spy cops were the prime movers in not just leading but shagging UK activists over the past couple of decades, there's nowhere much left that they haven't been poking their investigative protuberances.

    1. wolfetone Silver badge

      Re: It would save time if ...

      Well if the UK stupidly votes for a Conservative government next year, who want to get rid of the Human Rights Act, we could very well see privacy advocates classed as terrorists etc etc. Obviously not stemming from the abolishment of the HRA, but because a Government so evil and calculated to even consider the abolisment of such an act probably would think making privacy illegal was such a good thing to do.

      "If you have nothing to hide you have nothing to worry about" said William Hauge, the "greatest living Yorkshireman". I'm not from Yorkshire, but even I know that's a load of bullshit.

      1. Frankee Llonnygog

        Re: It would save time if ...

        Charles Stross yesterday pointed out that Churchill was instrumental in the Human Rights Act. Thus do today's worms undo the work of yesterday's mighty dragons (or sumfink)

        1. peter_dtm
          Megaphone

          Re: It would save time if ...

          and Churchill also said that the UK did not need to have an HRA - because we had the far supperior Common Law & Bill of Rights (yes we do have a written constitution - oh my; they had to break it illegally to get the stupid HRA into law)

          1. Frankee Llonnygog

            Re: It would save time if ...

            "As we show the existence of the HRA’s rights and freedoms derives from British common law. Their codification was specifically inspired by Winston Churchill and the Act is thoroughly conservative in its content and operation"

            https://www.liberty-human-rights.org.uk/sites/default/files/churchill-s-legacy-the-conservative-case-for-the-hra-october-2009.pdf

        2. Brent Longborough

          Re: It would save time if ...

          I think the words you're looking for are these:

          "The crows to peck at eagles"

      2. Anonymous Coward
        Anonymous Coward

        Re: It would save time if ...

        I think the Tories are more concerned about the large number of Scottish independence activists who, wait for it, do not belong to a political party. They'll want to nip that sort of undemocratic behavior in the bud smart-ish, before it catches on elsewhere.

        1. h4rm0ny

          Re: It would save time if ...

          Honestly, I almost wish Scotland HAD voted 'Yes'. Then the Conservatives wouldn't feel so under pressure to adopt the policies of UKIP in a pathetic attempt to claw back some of those votes (a tactic that almost never works as the vote shift is more based on image and flag-waving than rationality). Also, we'd be significantly less likely to get a Labour government anytime soon. I would rather evils of the Tory Party than the reactionary, ideological idiocy of New Labour.

          Oh, and on topic? I'd actually agree with this person on an open discussion about where to draw the line between protecting society and individual rights, except for the fact the last decade is a year by year lesson in the fact that the government will use any unethical or illegal means it can get away with to spy on us and needs to be beaten back with a stick repeatedly and forever.

  11. thomas k.

    Funny ...

    I don't recall being asked, via a political and ethical discussion on the trade-offs, to help set the balance prior to our gub'ments engaging in the mass surveillance of us citizens. Must not have gotten that memo.

  12. Anonymous Coward
    Anonymous Coward

    The right balance between freedom and security

    Security: Not getting beaten up in your own home by criminals

    Freedom: Not getting beaten up in your own home by bent cops.

    Why is this an either-or choice again?

  13. Anonymous Coward
    Anonymous Coward

    Wrong.

    Oh, but I DO want privacy AND anonymity too, natch! (AC not for the comment but rather to support the point)

    1. The Vociferous Time Waster

      Re: Wrong.

      Cool, now your identity is known only to the staff at El Reg (along with anyone tapping your internet)

      1. Anonymous Coward
        Anonymous Coward

        Re: Wrong.

        Well, I did say this particular case was a symbolic gesture, the actual result is unimportant. Were it actually of any consequence, El Reg would probably be welcome to inspect the exit point of some anonymizer proxy or Tor, while those tapping my internet ( hey, keep your hands off it! It's mine, mine, mine, all mine!!! ;) would be welcome to stare at an endless stream of (to them) meaningless bits as long as they like. Therefore you point is, what exactly...?

  14. DrXym

    Won't make much difference at all

    Client side encryption tied to a weak authentication like a pin or fingerprint really poses little challenge for police or intelligence services who get their hands on the phone. The encryption key in most cases would be trivial to recover and stuff like system logs that resides outside of user storage wouldn't be encrypted at all.

    Perhaps they're making a big song and dance of it precisely to encourage jihadhi loonies to go out and use smart phones for all their covert activity.

    1. Daniel B.
      Boffin

      Re: Won't make much difference at all

      Yeah, my thoughts exactly. Most people "secure" their smartphones with a 4-digit PIN which is laughable by modern standards. Brute-forcing even an 8-digit PIN is done in seconds, probably minutes depending on the algorithm used.

    2. Anonymous Coward
      Anonymous Coward

      Re: Won't make much difference at all

      Hang on, you think the police are going to be able to break this? How exactly? By trying 10,000 PIN codes one by one, hoping you're dumb enough to have a 4 digit PIN, and hoping you're not paranoid enough to enable the option to wipe your device with 10 wrong guesses? By removing the flash chips from your phone and loading the encrypted data off them to work with?

      Too bad Apple salts the encryption, so rainbow tables won't work. It won't take a very complex password to keep them out, unless they hand the problem over to the NSA, in which case you might want to consider a complex 16 character password.

      Our governments have no one but themselves to blame. It used to be if you were worried about the government slurping up data on normal citizens you were fitted for a tin foil hat. Now the ones wearing Reynolds Wrap are the ones who still think the government can be trusted.

  15. Anonymous Coward
    Anonymous Coward

    He has it wrong...

    As many others have pointed out.

    “In any democratic society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism. This applies to the offline world and should also apply to the online world."

    Suspicions are a doubt, a feeling that appearances are not reliable. I have a suspicion that the State's motives, while perhaps honourable at this point in time, can too easily be used against those they are purporting to serve. The price of freedom is eternal vigilance, this was not said in reference to the government, but in reference to those who are governed, as it they who must forever be on guard against those who would sell them subjugation as security.

    “Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens."

    A person's device is their private property. See the word 'private' there? Associating 'anonymity' with the information contained on a private device is an inference that does not follow from the premise of the argument given. It is, in effect, non-sequitur. Policing is a difficult job, it is difficult because it must respect the rights and freedoms of those who are served by the police. Society must deal with criminals of all types, particularly bad criminals might have to be eliminated from our midst; this applies to those in power (corruption) as well as to those who would seek power over us (terrorists). Take the high-road, learn from the mistakes of history.

    And he actually has this bit (mostly) correct;

    " We have to find the right balance between security and freedom - and this balance has to be set by citizens in a political and ethical discussion on the trade-offs,” said Oerting.

    Although he needs not talk so much about "security" as it implies limitation of freedom. Something is secured to a post, in a vault, or otherwise restrained. I don't have a solution for him except to tell him that subjugation of the people by mass surveillance and/or disrespecting the foundations on which a free society operates is not the answer.

    Anonymous, because a police state is not the same as a policed-state.

  16. naive

    Where is all this fuss about ?.

    http://en.wikipedia.org/wiki/Inquisition

    Or perhaps they could change laws allowing law enforcement to use drugs which make people answer questions in a truthful manner if the judge allows this.

  17. Asylum Sam

    So, can we assume then,

    that the FBI aren't going to bother investigating kidnappings any more, since it's now ''impossible to save children from kidnappers''?

    1. Eguro

      Re: So, can we assume then,

      Think of the money saved from the federal budget.

      Sure it's too bad for the people kidnapped and their families, but that's what you get for encrypting your phone I guess.

  18. nanchatte

    “In any *democratic* society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism."

    Amazingly, I agree with you in full... Which is exactly why WE in our society need "irreversable encryption" as you call it, more than ever before.

    I love it when politicians prove themselves correct dispite their best efforts to be disingenuous.

    (by the way is there such a thing as irreversable encryption? Surely the definition of encryption includes a method to retrieve said data).

  19. envmod

    Lazy?

    Is it just me or are law enforcement and intelligence agencies just plain lazy these days? All they can think about seemingly is monitoring the internet..it's like they can't see past that. I think they need to get back to more basic detective and intelligence gathering methods - they used to do OK before the internet was invented - many would say they used to do a better job in fact. Sure, the internet is undoubtedly going to play a part these days in investigations and intelligence gathering, but I think they need to re-learn some of the techniques they appear to have forgotten and like, actually get out of the office into the field once in a while.

    1. Geoffrey W

      Re: Lazy?

      Well, yes, but the internet is how most people communicate these days so that's why they concentrate on that.

      In the old days they did the same but that involved tapping telephones, and boiling kettles of water to steam open paper mail, or disguising themselves as trees in the park so they could listen to people saying naughty things to each other.

  20. Andrew Jones 2

    Surely this will just come under the "if you don't hand over the necessary data to decrypt your mobile phone, you will be considered to be a terrorist and thrown in jail" law that we already know and love?

  21. The BigYin

    Screw him

    He and his cronies made people fear their own governments, now he reaps the response.

  22. Anonymous Coward
    Anonymous Coward

    It sure is funny that whenever the government wants to justify its massive snooping into its citizen's lives, they always mention 'child molesters' and terrorists; the latest key buzzwords. But when you look at it, something else is happening. For instance, the massive snooping by the NSA into recording cell phone metadata may have stopped, at most, one terrorist attack. No, these people don't care one bit about terrorists or childmolesters, they are using this snooping for other reasons. Those reasons could eventually be stamping out dissent against the government.

    1. Bernard M. Orwell
      Coat

      "It sure is funny that whenever the government wants to justify its massive snooping into its citizen's lives, they always mention 'child molesters' and terrorists; the latest key buzzwords."

      I sum it up with "Fire the TerrorPedos!"

  23. The Vociferous Time Waster

    Hidden in plain sight

    sneaky beaky sorts have been hiding their secrets in plain sight for decades, either in the private advert column of a newspaper or under a rock in the park; it is all just basic field craft.

    Modern equivalent is putting some obscure message on to pastebin so it looks like nothing important unless you know what you are looking for

  24. JaitcH
    Happy

    MESH has the answer

    MESH network radios are secure and effectively untraceable. Western military are switching to MESH in a big way. And MESH is designed to work around damaged/incapacitated Nodes.

    Until this year my employer was bashing them out for the military of countries politically adverse to the USA for around USD$40 a copy, Now the Chinese have them in sale for USD$30 each!

    There is an App for using an Android cell handset as a terminal node for interfacing a MESH network to the InterNet.

    I think GCHQ and NSA have their work cut out for years to come as more and more systems of all types go dark.

  25. Anonymous Coward
    Anonymous Coward

    He spoke out of turn..

    .. as there are internal discussions ongoing about how to tighten up the evidence chain and his comments are unhelpful.

    Law enforcement has blotted its copybook with help of lawmakers, and until they regain the trust of the public their ability to fight crime is going to diminish. This means transparency, this means accountability, this means clear enforcement of the few rules left - sometimes even staying away from the grey zones instead of crossing them into the dark.

    We're presently so mad at lawmakers breaking the rules and their promises that we forget that bad people do exist - even terrorists. However, I am dead against any expansion of police powers until we get a grip on them again. Power without control is addictive, and tends to bring out the worst in people. We can see that right now, and it's dangerous.

    1. Pascal Monett Silver badge

      Re: "their ability to fight crime is going to diminish"

      I'm sorry, how exactly is not being able to freely and easily snoop on MY phone data connections going to lessen the police's ability to arrest the thug who is pushing old ladies around to get their handbag ?

      Unless . . is there an app for that ?

  26. Mad Chaz

    “In any democratic society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism. This applies to the offline world and should also apply to the online world."

    And that is why encryption is a good thing, as it forces the law enforcement to actually, you know, ask a judge for a warrant. Once you're actually doing that, we can talk. For now, go back into the hole you crawled out of.

  27. tfewster
    WTF?

    Really?

    “Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens."

    Really? How is my innocent, honest life made more difficult just because I use encryption? (Apart from having to remember yet another passphrase).

    On the other hand, if I want to knock over a bank or make a bomb, will encryption really help me get a gun or chemicals?

  28. Anonymous Coward
    Flame

    Well, its nice to know that over-officious law enforcement is not just a U.S. phenomenon...

    "Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens. "

    Mr. Oerting, I'm a law-abiding citizen, and how is full encryption going to make my life very difficult? From my perspective, I love the idea that information regarding my personal plans, movements, associations, personal business and financial transactions and political and social interactions is going to be encrypted. I'll have much less to worry about from hackers who might seek to steal my identity or leverage my personal information for criminal purposes. And of course, I will have less to worry about that my perfectly legal actions and interactions within society will not get me inappropriately placed on some government watch list, with untold damage to my economic prospects, freedom of movement and political freedoms.

    YOU and your buddies at various U.S. and European alphabet agencies brought this upon yourselves, when the onward march of Moore's law seduced you into thinking it was better to surveil large portions of society, rather than really look out for the small minority of extremists and organized criminals. Now that you have been caught with your hands in everyone's cookie jars, you bitch and moan about how people want their privacy and don't understand they are really asking for anonymity. As for me, I want anonymity, because without anonymity you can easily crush my privacy using the governmental resources the EU can call on within it's own membership, much less when things get sticky enough that Mama Europa has to call in Uncle Sam, Johnny Canuck, Israel, Interpol and God knows who else you have on speed-dial to kick my privacy's ass.

    I'm not doing anything wrong, if you believe differently--prove it. In the meantime, get out of my face with your bureaucratic empire-building and take responsibility for the crap you pulled, instead of patronizing me with this "We know what's best for you, the honest citizen" bullshit.

  29. Anonymous Coward
    Anonymous Coward

    yeah, but - what if the children ARE the terrorists?!

    1. thomas k.

      Then their kidnappers are in for quite the surprise, I'll wager.

  30. Dan Paul

    What ordinary citizens need is.......

    A legal system that allows average (non lawyer) citizens to challenge the law. Protections against the illegal search and seizure of property and persons, suppositition of innocence, right to know who is your accuser, right to ALL the evidence against you, oops, errm, uuuuh, hmmm.

    Isn't that what we are ALREADY SUPPOSED to have?

  31. Kiwi

    So lets just say...

    Just say for a moment that I am some vile criminal who has dubios data on my phone. Could be pics of a favourite drug dealer or favourite kid. Doesn't matter what it is, as the basics remain the same.

    First, of all the millions of phones in my country, the cops would have to decide that mine is worth investigating.

    Then they would have to seize it before I could destroy evidence (and with security tools that allow a phone to be wiped if it is stolen, it's harder for them to do that (yes I know ways they could but I'm not prone to giving the plod any more knowledge to abuse than they already have).

    If I have any intelligence I am not likely to keep the data on the phone (which is a large and relatively attractive-to-steal object, especially given than an elderly friend recently had his 10 year old dumbphone stolen!), and even if full-device encryption isn't available, I am likely to have data (eg pictures) they're interested in encrypted on a mSD card.

    That's where the probems lie. Have you noticed how small a micro-SD card is? I expect I could swallow one if I really needed to (harmful chemicals aside), I can certainly hide one in an item of clothing where it'd be unlikely to be detected.. Crack between a couple of floor boards. Flush it. Drop it somewhere during a police chase. They can also be easily broken, almost certainly rendering them useless.

    To get my phone, you have to have sufficient interest in me AND be able to effectively catch me in the act. If you're about to catch me in the act, you don't need my phone.

    I don't do anything requiring privacy, certainly not requiring encryption (aside from customer stuff), but even I can, with a moments thought, come up with a number of ways that I expect would be quite normal for criminals to use to avoid data being found IF they're detected and of interest to the police in the first place.

    I also know, at least with NZ police, that if they really want you, they'll fabricate evidence against you (including falsifying witness statements), assault your family and friends to "encourage" a confession, and in some cases even kill you. If your phone doesn't have the evidence they want, that's OK, they have plenty of stashes they can get it from and plenty of ways to get it onto your kit. The defence will never see an un-tainted bit of hardware and the corrupt forensic investigators will be sure that all "disk images" contain appropriate files in appropriate locations with correct dates etc. Or they'll just claim they suspect the disk has "un-detectable encryption" on it that you have to prove isn't there, and lock you up for not revealing that it is there. And if they want you enough and you get a bad enough judge, even if you could prove beyond a reasonable doubt that you have made all the data available, the judge can just say "I think there's more" and you're just as screwed.

    In NZ at least the phone really doesn't matter. Any crim with an ounce of knowledge won't have anything of any real use on it , and if the phone (or other device) does not have any incriminating evidence the police are well skilled in making it up as they go along.

    </rant>

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like